Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
manageengine desktop central vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2018-13411
An issue exists in Zoho ManageEngine Desktop Central prior to 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed in 10.0.470 agent version.
Zohocorp Manageengine Desktop Central
1 Github repository
7.2
CVSSv2
CVE-2018-13412
An issue exists in the Self Service Portal in Zoho ManageEngine Desktop Central prior to 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed in 10.0.470 agent version.
Zohocorp Manageengine Desktop Central
1 Github repository
5
CVSSv2
CVE-2018-11716
An issue exists in Zoho ManageEngine Desktop Central prior to 100230. There is unauthenticated remote access to all log files of a Desktop Central instance containing critical information (private information such as location of enrolled devices, cleartext passwords, patching lev...
Zohocorp Manageengine Desktop Central
5
CVSSv2
CVE-2018-11717
An issue exists in Zoho ManageEngine Desktop Central prior to 100251. By leveraging access to a log file, a context-dependent attacker can obtain (depending on the modules configured) the Base64 encoded Password/Username of AD accounts, the cleartext Password/Username and mail se...
Zohocorp Manageengine Desktop Central
6.4
CVSSv2
CVE-2018-12999
Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows malicious users to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring to the /agenttrayic...
Zohocorp Manageengine Desktop Central 10.0.255
7.5
CVSSv2
CVE-2018-5339
An issue exists in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type restrictions.
Zohocorp Manageengine Desktop Central 10.0.124
Zohocorp Manageengine Desktop Central 10.0.184
7.5
CVSSv2
CVE-2018-5341
An issue exists in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: a missing server-side check on the file type/extension when uploading and modifying scripts.
Zohocorp Manageengine Desktop Central 10.0.124
Zohocorp Manageengine Desktop Central 10.0.184
6.5
CVSSv2
CVE-2018-5342
An issue exists in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: network services (Desktop Central and PostgreSQL) running with a superuser account.
Zohocorp Manageengine Desktop Central 10.0.184
Zohocorp Manageengine Desktop Central 10.0.124
7.5
CVSSv2
CVE-2018-5338
An issue exists in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: missing authentication/authorization for a database query mechanism.
Zohocorp Manageengine Desktop Central 10.0.184
Zohocorp Manageengine Desktop Central 10.0.124
6.5
CVSSv2
CVE-2018-5340
An issue exists in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: database access using a superuser account (specifically, an account with permission to write to the filesystem via SQL queries).
Zohocorp Manageengine Desktop Central 10.0.124
Zohocorp Manageengine Desktop Central 10.0.184
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »